{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/agile-north/rexo/schema/v1.0/rexo.schema.json", "title": "Rexo repository configuration schema", "description": "Schema for repo.json, the main Rexo repository runtime configuration file.", "type": "object", "additionalProperties": false, "required": [ "$schema", "schemaVersion", "name" ], "properties": { "$schema": { "type": "string", "description": "Schema URI/path used by editors and validation. Use the canonical remote URL for shared repositories.", "enum": [ "https://raw.githubusercontent.com/agile-north/rexo/schema/v1.0/rexo.schema.json", "rexo.schema.json", "./rexo.schema.json", "../rexo.schema.json", ".rexo/rexo.schema.json" ] }, "schemaVersion": { "type": "string", "description": "Schema contract version for this config file. Currently only 1.0 is supported.", "const": "1.0" }, "name": { "type": "string", "description": "Human-friendly repository/runtime name shown in command output.", "minLength": 1 }, "description": { "type": "string", "description": "Optional longer description of the repository runtime." }, "version": { "type": "string", "description": "Optional static version string. Most repositories should prefer the versioning section instead." }, "extends": { "type": "array", "description": "List of config sources to merge into this config before applying local values. Supports embedded lifecycle policies via the 'embedded:' URI scheme (e.g. 'embedded:standard', 'embedded:dotnet') and local file paths. Embedded policies provide shared lifecycle commands (build, test, verify, release, plan, push, etc.). Use 'rx policies list' to see available embedded policies.", "items": { "type": "string" } }, "policySources": { "type": "array", "description": "Policy-only sources loaded and merged into the effective config before the local policy.json and REXO_POLICY_SOURCES env-var sources. 
Each entry supports the same source types as REXO_POLICY_SOURCES: HTTPS URL (optionally with #sha256= pin), git+ reference (git+@#), nuget: reference (nuget:@#), or a local file path. REXO_POLICY_SOURCES always wins over config-declared sources. Use this for opt-in team policies that should be version-controlled alongside the repo.", "items": { "type": "string" } }, "commands": { "type": "object", "description": "Command map exposed by rx. Keys are command names and values define arguments, options, and steps.", "additionalProperties": { "$ref": "#/$defs/repoCommand" } }, "aliases": { "type": "object", "description": "Simple command aliases. Key is alias name, value is the target command string.", "additionalProperties": { "type": "string" } }, "versioning": { "description": "Version provider configuration used by builtin:resolve-version.", "$ref": "#/$defs/versioning" }, "artifacts": { "type": "array", "description": "Artifact definitions used by builtin:build-artifacts, builtin:tag-artifacts, and builtin:push-artifacts.", "items": { "$ref": "#/$defs/artifact" } }, "runtime": { "description": "Cross-cutting runtime policy configuration for output and push behavior.", "$ref": "#/$defs/runtime" }, "outputs": { "description": "Output path contract. Resolved paths are available as {{outputs.*}} in policy command templates.", "$ref": "#/$defs/outputsConfig" }, "settings": { "description": "Toolchain-specific settings available as {{settings.*}} in policy command templates.", "$ref": "#/$defs/settings" }, "vars": { "description": "Free-form template variable bag. All values are accessible as {{vars.*}} in step run strings and support arbitrary nesting (e.g. 
{{vars.dotnet.solution}}).", "$ref": "#/$defs/vars" }, "capabilities": { "description": "Runtime capability requirements and compatibility contract expectations.", "$ref": "#/$defs/capabilityContract" } }, "$defs": { "settings": { "type": "object", "description": "Free-form toolchain settings bag available as {{settings.*}} in templates.", "additionalProperties": true }, "vars": { "type": "object", "description": "Free-form template variable bag. Accessible as {{vars.*}} in step run strings. Values can be strings, numbers, booleans, or arbitrarily nested objects.", "additionalProperties": true }, "capabilityContract": { "type": "object", "additionalProperties": false, "description": "Declares compatibility against runtime capability contract and required features.", "properties": { "contractVersion": { "type": "string", "description": "Capability contract version expected by this config. Current runtime contract is 1.0." }, "required": { "type": "array", "description": "Capabilities that must be supported by the active runtime.", "items": { "type": "string", "minLength": 1 } } } }, "repoCommand": { "type": "object", "description": "Reusable command definition for both repository and policy commands.", "additionalProperties": false, "required": [ "steps" ], "properties": { "description": { "type": "string", "description": "Human-readable command summary used in help/list output." 
}, "args": { "type": "object", "description": "Positional argument declarations keyed by argument name.", "additionalProperties": { "$ref": "#/$defs/argConfig" } }, "options": { "type": "object", "description": "Named option declarations keyed by option name.", "additionalProperties": { "$ref": "#/$defs/optionConfig" } }, "steps": { "type": "array", "description": "Ordered execution steps that implement the command.", "items": { "$ref": "#/$defs/step" } }, "maxParallel": { "type": "integer", "description": "Maximum concurrent step execution when parallel groups are used.", "minimum": 1 }, "merge": { "description": "Layered command composition behavior. Accepts legacy string mode or merge envelope object.", "$ref": "#/$defs/commandMerge" }, "stepOps": { "description": "Legacy explicit step-level extension operations. Prefer merge.steps envelope.", "$ref": "#/$defs/commandStepOps" } } }, "commandMerge": { "description": "Command merge configuration. Can be a legacy scalar mode or envelope object.", "oneOf": [ { "$ref": "#/$defs/commandMergeMode" }, { "$ref": "#/$defs/commandMergeEnvelope" } ] }, "commandMergeMode": { "type": "string", "description": "Layered command composition mode for this command.", "enum": [ "layer", "replace", "append", "prepend", "wrap" ] }, "commandMergeEnvelope": { "type": "object", "additionalProperties": false, "description": "Unified merge envelope containing mode and optional step operations.", "properties": { "mode": { "$ref": "#/$defs/commandMergeMode" }, "steps": { "$ref": "#/$defs/commandStepOps" } } }, "commandStepOps": { "type": "object", "additionalProperties": false, "properties": { "remove": { "type": "array", "description": "Step ids to remove from the inherited command pipeline.", "items": { "type": "string", "minLength": 1 } }, "replace": { "type": "array", "description": "Step replacements by id.", "items": { "$ref": "#/$defs/stepReplace" } }, "prepend": { "type": "array", "description": "Steps inserted before the inherited 
pipeline.", "items": { "$ref": "#/$defs/step" } }, "append": { "type": "array", "description": "Steps added after the inherited pipeline.", "items": { "$ref": "#/$defs/step" } } } }, "stepReplace": { "type": "object", "additionalProperties": false, "required": ["id", "step"], "properties": { "id": { "type": "string", "minLength": 1, "description": "Target step id to replace." }, "step": { "$ref": "#/$defs/step" } } }, "argConfig": { "type": "object", "description": "Configuration for a positional command argument.", "additionalProperties": false, "required": [ "required" ], "properties": { "required": { "type": "boolean", "description": "Whether this positional argument must be supplied by the caller." }, "description": { "type": "string", "description": "Help text shown for the argument." } } }, "optionConfig": { "type": "object", "description": "Configuration for a named command option.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "type": "string", "description": "Option value type identifier.", "enum": [ "string", "bool", "boolean", "int", "integer", "number" ], "default": "string" }, "default": { "type": [ "string", "boolean", "number", "integer" ], "description": "Default value used when the caller does not provide this option." }, "allowed": { "type": "array", "description": "Optional allowed values list enforced at runtime.", "items": { "type": "string" } } } }, "step": { "type": "object", "description": "Single executable unit in a command pipeline. Exactly one of run, uses, or command must be set; schema validation itself only checks that at least one is present.", "additionalProperties": false, "properties": { "id": { "type": "string", "description": "Stable step identifier for logging, dependency wiring, and output references." }, "command": { "type": "string", "description": "Invokes another configured command by name." }, "uses": { "type": "string", "description": "Invokes a built-in primitive (for example builtin:resolve-version)." 
}, "run": { "type": "string", "description": "Shell command text to execute.", "examples": [ "dotnet test -c Release --no-build", "docker build -f Dockerfile -t my-app:local ." ] }, "when": { "type": "string", "description": "Conditional expression that controls whether the step runs." }, "with": { "type": "object", "description": "String key/value inputs passed to the selected built-in or command.", "examples": [ { "confirm": "{{options.push}}" }, { "push": "{{options.push}}", "stage": "{{args.stage | default(publish)}}" } ], "additionalProperties": { "type": "string" } }, "description": { "type": "string", "description": "Optional step summary shown in plan/log output." }, "whenExists": { "type": "boolean", "description": "Only for command steps. When true, missing target commands are skipped successfully instead of failing." }, "continueOnError": { "type": "boolean", "description": "Continue executing subsequent steps when this step fails." }, "parallel": { "type": "boolean", "description": "Marks the step as eligible for parallel scheduling with other independent steps." }, "dependsOn": { "type": "array", "description": "List of step ids that must complete before this step executes.", "items": { "type": "string" } }, "outputPattern": { "type": "string", "description": "Regex pattern used by compatible steps to capture structured output values." }, "outputFile": { "type": "string", "description": "Path to an output file consumed by compatible steps for captured outputs." }, "outputs": { "type": "object", "description": "Step output declarations. 
Each key names an output category; values are arrays of glob patterns relative to the repository root that identify produced files.", "additionalProperties": { "type": "array", "items": { "type": "string" } } } }, "anyOf": [ { "required": ["run"] }, { "required": ["uses"] }, { "required": ["command"] } ] }, "versioning": { "type": "object", "additionalProperties": false, "required": [ "provider" ], "properties": { "provider": { "type": "string", "description": "Version provider to use. 'auto' (default) detects the right provider from config file evidence: version.json/nbgv.json → nbgv; GitVersion.yml → gitversion; .minverrc → minver; .git present → git; otherwise → fixed.", "enum": [ "auto", "fixed", "env", "git", "gitversion", "minver", "nbgv" ], "default": "auto" }, "fallback": { "type": "string", "description": "Version string used when the provider cannot resolve a version (e.g. no tags yet).", "default": "0.1.0-local" }, "settings": { "type": "object", "description": "Provider-specific settings. Common keys: variable (env), tagPrefix/minimumMajorMinor (minver). Docker fallback keys (all providers except fixed/env/git): useDocker (default true — set false to disable), dockerImage (override the default Docker image).", "additionalProperties": { "$ref": "#/$defs/settingValue" } } } }, "artifact": { "description": "Artifact declaration. 
Choose docker, nuget, helm-oci, npm, pypi, maven, gradle, rubygems, terraform, helm, docker-compose, or a custom provider type.", "anyOf": [ { "$ref": "#/$defs/dockerArtifact" }, { "$ref": "#/$defs/nugetArtifact" }, { "$ref": "#/$defs/helmOciArtifact" }, { "$ref": "#/$defs/npmArtifact" }, { "$ref": "#/$defs/pypiArtifact" }, { "$ref": "#/$defs/mavenArtifact" }, { "$ref": "#/$defs/gradleArtifact" }, { "$ref": "#/$defs/rubygemsArtifact" }, { "$ref": "#/$defs/terraformArtifact" }, { "$ref": "#/$defs/helmArtifact" }, { "$ref": "#/$defs/dockerComposeArtifact" }, { "$ref": "#/$defs/genericArtifact" } ] }, "dockerArtifact": { "type": "object", "description": "Docker image artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "docker", "description": "Selects the docker artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests. When omitted, falls back to the root config name." }, "settings": { "description": "Provider-specific docker build, tag, and push settings.", "$ref": "#/$defs/dockerArtifactSettings" } } }, "nugetArtifact": { "type": "object", "description": "NuGet package artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "nuget", "description": "Selects the nuget artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests. When omitted, falls back to the root config name." 
}, "settings": { "description": "Provider-specific nuget pack/push settings.", "$ref": "#/$defs/nugetArtifactSettings" } } }, "genericArtifact": { "type": "object", "description": "Fallback artifact shape for custom providers not explicitly modeled in this schema.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "type": "string", "description": "Custom provider type key.", "not": { "enum": [ "docker", "nuget", "helm-oci", "npm", "pypi", "maven", "gradle", "rubygems", "terraform", "helm", "docker-compose" ] } }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests. When omitted, falls back to the root config name." }, "settings": { "type": "object", "description": "Provider-specific arbitrary settings for custom artifact providers.", "additionalProperties": { "$ref": "#/$defs/artifactSettingValue" } } } }, "helmOciArtifact": { "type": "object", "description": "Helm chart artifact pushed to OCI registry.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "helm-oci", "description": "Selects the Helm OCI artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests. When omitted, falls back to the root config name." }, "settings": { "description": "Provider-specific Helm package and OCI push settings.", "$ref": "#/$defs/helmOciArtifactSettings" } } }, "npmArtifact": { "type": "object", "description": "npm package artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "npm", "description": "Selects the npm artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." }, "settings": { "type": "object", "description": "npm pack/publish settings.", "additionalProperties": false, "properties": { "directory": { "type": "string", "description": "Working directory containing package.json. 
Defaults to repo root." }, "target": { "type": "object", "description": "Target settings for npm publish endpoint and credential env-name overrides.", "additionalProperties": false, "properties": { "registry": { "type": "string", "description": "npm registry URL for publish." }, "registryEnv": { "type": "string", "description": "Environment variable name containing target npm registry URL. Defaults to NPM_TARGET_REGISTRY." }, "tokenEnv": { "type": "string", "description": "Environment variable name containing npm auth token. Defaults to NPM_TOKEN." } } }, "access": { "type": "string", "description": "Package access level.", "enum": [ "public", "restricted" ] }, "tag": { "type": "string", "description": "Distribution tag to publish under. Defaults to version." }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when npm is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized npm runtime. Defaults to node:lts-alpine." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to the npm pack command." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to the npm publish command." } } } } }, "pypiArtifact": { "type": "object", "description": "Python/PyPI package artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "pypi", "description": "Selects the PyPI artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." }, "settings": { "type": "object", "description": "python -m build / twine upload settings.", "additionalProperties": false, "properties": { "directory": { "type": "string", "description": "Working directory. Defaults to repo root." 
}, "target": { "type": "object", "description": "Target settings for twine endpoint and credential env-name overrides.", "additionalProperties": false, "properties": { "repositoryUrl": { "type": "string", "description": "PyPI repository URL for twine upload." }, "repositoryUrlEnv": { "type": "string", "description": "Environment variable name containing repository URL. Defaults to PYPI_TARGET_REPOSITORY_URL." }, "apiTokenEnv": { "type": "string", "description": "Environment variable name containing API token. Defaults to TWINE_API_TOKEN." }, "usernameEnv": { "type": "string", "description": "Environment variable name containing username. Defaults to TWINE_USERNAME." }, "passwordEnv": { "type": "string", "description": "Environment variable name containing password. Defaults to TWINE_PASSWORD." } } }, "dist-dir": { "type": "string", "description": "Distribution directory pattern. Defaults to 'dist/*'." }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when python/python3 is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized Python runtime. Defaults to python:3-slim. The default image does not include build or twine — provide a custom image if needed." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to the python -m build command." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to the python -m twine upload command." } } } } }, "mavenArtifact": { "type": "object", "description": "Maven package/deploy artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "maven", "description": "Selects the Maven artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." 
}, "settings": { "type": "object", "description": "mvn package/deploy settings.", "additionalProperties": false, "properties": { "project": { "type": "string", "description": "Path to the pom.xml file. Defaults to root pom.xml." }, "profiles": { "type": "string", "description": "Comma-separated Maven profiles to activate." }, "target": { "type": "object", "description": "Target credential env-name overrides for Maven publishing.", "additionalProperties": false, "properties": { "usernameEnv": { "type": "string", "description": "Environment variable name containing Maven username. Defaults to MAVEN_REPO_USERNAME." }, "passwordEnv": { "type": "string", "description": "Environment variable name containing Maven password/token. Defaults to MAVEN_REPO_PASSWORD." } } }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when mvn is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized Maven runtime. Defaults to maven:3-eclipse-temurin-21." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to mvn package." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to mvn deploy." } } } } }, "gradleArtifact": { "type": "object", "description": "Gradle build/publish artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "gradle", "description": "Selects the Gradle artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." }, "settings": { "type": "object", "description": "Gradle build/publish settings.", "additionalProperties": false, "properties": { "tasks": { "type": "string", "description": "Gradle tasks to run for build. Defaults to 'build'." 
}, "wrapper": { "type": "boolean", "description": "Use Gradle wrapper (gradlew) if present. Defaults to true." }, "directory": { "type": "string", "description": "Working directory containing build.gradle. Defaults to repo root." }, "target": { "type": "object", "description": "Target credential env-name overrides for Gradle publish flows.", "additionalProperties": false, "properties": { "usernameEnv": { "type": "string", "description": "Environment variable name containing Maven publish username. Defaults to ORG_GRADLE_PROJECT_mavenUsername." }, "passwordEnv": { "type": "string", "description": "Environment variable name containing Maven publish password. Defaults to ORG_GRADLE_PROJECT_mavenPassword." }, "publishKeyEnv": { "type": "string", "description": "Environment variable name containing Gradle Plugin Portal publish key. Defaults to GRADLE_PUBLISH_KEY." }, "publishSecretEnv": { "type": "string", "description": "Environment variable name containing Gradle Plugin Portal publish secret. Defaults to GRADLE_PUBLISH_SECRET." } } }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when gradle is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized Gradle runtime. Defaults to gradle:8-jdk21." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to the Gradle build task(s)." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to the Gradle publish task." } } } } }, "rubygemsArtifact": { "type": "object", "description": "RubyGems gem build/push artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "rubygems", "description": "Selects the RubyGems artifact provider." 
}, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." }, "settings": { "type": "object", "description": "gem build/push settings.", "additionalProperties": false, "properties": { "gemspec": { "type": "string", "description": "Path or glob to the .gemspec file. Defaults to '*.gemspec'." }, "target": { "type": "object", "description": "Target settings for RubyGems source and credential env-name overrides.", "additionalProperties": false, "properties": { "source": { "type": "string", "description": "Gem server source URL for gem push." }, "sourceEnv": { "type": "string", "description": "Environment variable name containing target source URL. Defaults to RUBYGEMS_TARGET_SOURCE." }, "apiKeyEnv": { "type": "string", "description": "Environment variable name containing API key/token. Defaults to GEM_HOST_API_KEY." } } }, "gem-pattern": { "type": "string", "description": "Glob pattern for the built gem file to push. Defaults to '*.gem'." }, "directory": { "type": "string", "description": "Working directory. Defaults to repo root." }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when gem is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized Ruby runtime. Defaults to ruby:3-alpine." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to gem build." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to gem push." } } } } }, "terraformArtifact": { "type": "object", "description": "Terraform plan/apply artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "terraform", "description": "Selects the Terraform artifact provider." 
}, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." }, "settings": { "type": "object", "description": "terraform init/plan/apply settings.", "additionalProperties": false, "properties": { "directory": { "type": "string", "description": "Directory containing Terraform configuration. Defaults to '.'." }, "target": { "type": "object", "description": "Target settings for Terraform workspace and var-file env overrides.", "additionalProperties": false, "properties": { "workspace": { "type": "string", "description": "Terraform workspace to select before apply." }, "workspaceEnv": { "type": "string", "description": "Environment variable name containing Terraform workspace. Defaults to TERRAFORM_TARGET_WORKSPACE." }, "varFile": { "type": "string", "description": "Path to a .tfvars file to pass to terraform plan." }, "varFileEnv": { "type": "string", "description": "Environment variable name containing tfvars file path. Defaults to TERRAFORM_TARGET_VAR_FILE." } } }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when terraform is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized Terraform runtime. Defaults to hashicorp/terraform:1.9." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to terraform plan." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to terraform apply." } } } } }, "helmArtifact": { "type": "object", "description": "Helm chart package/push artifact configuration (non-OCI).", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "helm", "description": "Selects the Helm (non-OCI) artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." 
}, "settings": { "type": "object", "description": "helm package/push settings.", "additionalProperties": false, "properties": { "chart": { "type": "string", "description": "Path to the chart directory. Defaults to '.'." }, "chart-directory": { "type": "string", "description": "Path to the chart directory. Defaults to '.'." }, "output-directory": { "type": "string", "description": "Directory where packaged .tgz files are written. Defaults to repo root." }, "target": { "type": "object", "description": "Target settings for helm repository endpoint and credential env-name overrides.", "additionalProperties": false, "properties": { "repository": { "type": "string", "description": "Chart Museum repo URL (https://…) for helm cm-push, or a local filesystem path for file copy." }, "repositoryEnv": { "type": "string", "description": "Environment variable name containing target repository. Defaults to HELM_TARGET_REPOSITORY." }, "usernameEnv": { "type": "string", "description": "Environment variable name containing repository username. Defaults to HELM_REPO_USERNAME." }, "passwordEnv": { "type": "string", "description": "Environment variable name containing repository password/token. Defaults to HELM_REPO_PASSWORD." } } }, "useDocker": { "type": "boolean", "description": "Use a Docker container as a fallback runtime when helm is not installed on the host. Defaults to true." }, "dockerImage": { "type": "string", "description": "Docker image used when falling back to the containerized Helm runtime. Defaults to alpine/helm:3.17.3." }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to helm package." }, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to helm cm-push." 
} } } } }, "dockerComposeArtifact": { "type": "object", "description": "Docker Compose build/push artifact configuration.", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "const": "docker-compose", "description": "Selects the Docker Compose artifact provider." }, "name": { "type": "string", "description": "Logical artifact name used in logs and manifests." }, "settings": { "type": "object", "description": "docker compose build/push settings.", "additionalProperties": false, "properties": { "file": { "type": "string", "description": "Path to the docker-compose file. Defaults to docker-compose.yml." }, "project-name": { "type": "string", "description": "Docker Compose project name (-p flag)." }, "services": { "type": "string", "description": "Space-separated list of services to build/push. Defaults to all." }, "target": { "type": "object", "description": "Target settings for compose registry and login env-name overrides.", "additionalProperties": false, "properties": { "registry": { "type": "string", "description": "Container registry URL. When set, docker login is performed before push using resolved credentials." }, "registryEnv": { "type": "string", "description": "Environment variable name containing target registry URL/host. Defaults to DOCKER_COMPOSE_TARGET_REGISTRY." }, "usernameEnv": { "type": "string", "description": "Environment variable name containing docker login username. Defaults to DOCKER_LOGIN_USERNAME." }, "passwordEnv": { "type": "string", "description": "Environment variable name containing docker login password/token. Defaults to DOCKER_LOGIN_PASSWORD." }, "loginRegistryEnv": { "type": "string", "description": "Environment variable name containing docker login registry override. Defaults to DOCKER_LOGIN_REGISTRY." } } }, "extra-build-args": { "type": "string", "description": "Additional space-separated arguments appended to docker compose build." 
}, "extra-push-args": { "type": "string", "description": "Additional space-separated arguments appended to docker compose push." } } } } }, "stringOrStringArray": { "description": "Convenience type that accepts either a single string value or a string array.", "oneOf": [ { "type": "string" }, { "type": "array", "items": { "type": "string" } } ] }, "tagKind": { "type": "string", "description": "Supported Docker tag strategy kind.", "enum": [ "full", "semver", "majorMinor", "majorminor", "major-minor", "major", "branch", "sha", "latest-on-main" ] }, "tagKindOrTagKindArray": { "description": "One Docker tag strategy kind or a list of tag strategy kinds.", "oneOf": [ { "$ref": "#/$defs/tagKind" }, { "type": "array", "items": { "$ref": "#/$defs/tagKind" } } ] }, "buildArgValue": { "description": "Supported primitive value for a single Docker build argument.", "oneOf": [ { "type": "string" }, { "type": "number" }, { "type": "integer" }, { "type": "boolean" } ] }, "buildArgsValue": { "description": "Accepted forms for Docker build arguments: inline string, key/value object, or list.", "oneOf": [ { "type": "string" }, { "type": "object", "additionalProperties": { "$ref": "#/$defs/buildArgValue" } }, { "type": "array", "items": { "$ref": "#/$defs/buildArgValue" } } ] }, "secretSpec": { "type": "object", "description": "Docker build secret source. Provide either env or file.", "additionalProperties": false, "properties": { "env": { "type": "string", "description": "Environment variable name that contains the secret value." }, "file": { "type": "string", "description": "Path to a file containing the secret value." 
} }, "oneOf": [ { "required": [ "env" ] }, { "required": [ "file" ] } ] }, "aliasesRule": { "type": "object", "description": "Conditional docker alias tag rule applied to the current branch name.", "additionalProperties": false, "required": [ "match", "template" ], "properties": { "match": { "type": "string", "description": "Branch match expression (wildcard or regex:... syntax)." }, "template": { "type": "string", "description": "Alias template supporting tokens such as $BRANCH and capture groups like $1." }, "sanitize": { "type": "string", "description": "Optional alias sanitation mode.", "enum": [ "sanitized" ] } } }, "dockerStage": { "type": "object", "description": "Named multi-stage docker build configuration entry.", "additionalProperties": false, "properties": { "target": { "type": "string", "description": "Dockerfile stage target passed via --target." }, "output": { "description": "Build output destination(s) for this stage.", "$ref": "#/$defs/stringOrStringArray" }, "runner": { "type": "string", "description": "Docker runner to use for this stage (build, buildx, or auto-detect).", "enum": [ "build", "buildx", "auto" ] }, "platform": { "type": "string", "description": "Target platform for the stage (for example linux/amd64)." } } }, "dockerArtifactSettings": { "type": "object", "description": "Detailed docker provider settings covering image naming, build, tagging, aliases, and push behavior.", "additionalProperties": false, "properties": { "image": { "type": "string", "description": "Final docker image repository name. If omitted, the artifact name is used." }, "dockerfile": { "type": "string", "description": "Path to the Dockerfile." }, "file": { "type": "string", "description": "Alias of dockerfile for compatibility." }, "context": { "type": "string", "description": "Docker build context path." 
}, "runner": { "type": "string", "description": "Docker command flavor to use for build operations.", "enum": [ "build", "buildx", "auto" ], "default": "build" }, "platform": { "type": "string", "description": "Build platform passed to docker via --platform." }, "buildTarget": { "type": "string", "description": "Dockerfile target stage name.", "examples": [ "build", "publish" ] }, "buildOutput": { "description": "Build output option(s) passed to docker --output.", "$ref": "#/$defs/stringOrStringArray" }, "buildArgs": { "description": "Build arguments for docker --build-arg. Build-arg values can be recovered from the image history, so pass credentials through secrets instead.", "$ref": "#/$defs/buildArgsValue" }, "secrets": { "type": "object", "description": "Named docker build secrets.", "additionalProperties": { "$ref": "#/$defs/secretSpec" } }, "registry": { "type": "string", "description": "Legacy shorthand for target registry host. Prefer target.registry." }, "repository": { "type": "string", "description": "Legacy shorthand for target repository path. Prefer target.repository." }, "target": { "type": "object", "description": "Target registry/repository destination used to compose the image name.", "additionalProperties": false, "properties": { "registry": { "type": "string", "description": "Registry host, for example ghcr.io or myregistry.example.com:5000." }, "repository": { "type": "string", "description": "Repository namespace/name within the registry." } } }, "loginRegistry": { "type": "string", "description": "Registry host used for docker login when different from target registry." }, "login": { "type": "object", "description": "Login override settings for docker authentication.", "additionalProperties": false, "properties": { "registry": { "type": "string", "description": "Registry host used for login." } } }, "cleanupLocal": { "description": "Legacy cleanup switch. true/false or auto (auto cleans up in CI). 
Prefer cleanup.local.", "oneOf": [ { "type": "boolean" }, { "type": "string", "enum": [ "auto", "true", "false" ] } ] }, "cleanup": { "type": "object", "description": "Post-build local cleanup settings.", "additionalProperties": false, "properties": { "local": { "description": "Controls local image cleanup after build: true, false, or auto.", "oneOf": [ { "type": "boolean" }, { "type": "string", "enum": [ "auto", "true", "false" ] } ] } } }, "pushEnabled": { "type": "boolean", "description": "Legacy push enable flag. Prefer push.enabled.", "default": true }, "pushBranches": { "description": "Legacy push branch allow-list. Prefer push.branches.", "$ref": "#/$defs/stringOrStringArray" }, "denyNonPublicPush": { "type": "boolean", "description": "Legacy switch to prevent pushes from non-public build classifications. Prefer push.denyNonPublicPush.", "default": false }, "push": { "type": "object", "description": "Push policy for this docker artifact.", "examples": [ { "enabled": true, "branches": ["main", "release/*"], "denyNonPublicPush": true } ], "additionalProperties": false, "properties": { "enabled": { "type": "boolean", "description": "Enables docker push for this artifact.", "default": true }, "branches": { "description": "Allowed branch patterns for pushing this artifact.", "examples": [ ["main", "release/*"], "main,release/*" ], "$ref": "#/$defs/stringOrStringArray" }, "branchesShortcut": { "type": "string", "description": "Shortcut CSV/string form for branches; merged with push.branches." }, "denyNonPublicPush": { "type": "boolean", "description": "Blocks push when build classification resolves to non-public.", "default": false } } }, "latest": { "type": "boolean", "description": "Legacy switch to emit latest tag. 
Prefer tags.latest via tag policy settings.", "default": false }, "tags": { "description": "Tag strategy names (for example full, majorMinor, major, branch, sha) or a custom list.", "examples": [ ["full", "majorMinor", "major"], ["full", "branch", "sha"], "full" ], "$ref": "#/$defs/tagKindOrTagKindArray" }, "publicBuild": { "type": "boolean", "description": "Legacy explicit build classification as public/non-public. Prefer build.public." }, "build": { "type": "object", "description": "Build classification controls.", "additionalProperties": false, "properties": { "public": { "type": "boolean", "description": "When set, forces public/non-public build classification." } } }, "publicBranches": { "description": "Legacy branch patterns classified as public builds. Prefer classification.publicBranches.", "$ref": "#/$defs/stringOrStringArray" }, "publicBranchesShortcut": { "type": "string", "description": "Legacy shortcut string for publicBranches." }, "nonPublicBranches": { "description": "Legacy branch patterns classified as non-public builds. Prefer classification.nonPublicBranches.", "$ref": "#/$defs/stringOrStringArray" }, "nonPublicBranchesShortcut": { "type": "string", "description": "Legacy shortcut string for nonPublicBranches." }, "classification": { "type": "object", "description": "Branch-based build classification rules.", "additionalProperties": false, "properties": { "publicBranches": { "description": "Branch patterns treated as public builds.", "$ref": "#/$defs/stringOrStringArray" }, "publicBranchesShortcut": { "type": "string", "description": "Shortcut string for publicBranches.", "examples": [ "main,release/*" ] }, "nonPublicBranches": { "description": "Branch patterns treated as non-public builds.", "$ref": "#/$defs/stringOrStringArray" }, "nonPublicBranchesShortcut": { "type": "string", "description": "Shortcut string for nonPublicBranches." 
} } }, "tagPolicy": { "type": "object", "description": "Default tag kinds applied by build classification when explicit tags are not set.", "additionalProperties": false, "properties": { "public": { "description": "Tag kinds for public builds.", "$ref": "#/$defs/tagKindOrTagKindArray" }, "nonPublic": { "description": "Tag kinds for non-public builds.", "$ref": "#/$defs/tagKindOrTagKindArray" } } }, "nonPublicMode": { "type": "string", "description": "Optional mode override for non-public tagging behavior.", "enum": [ "full-only" ] }, "aliases": { "type": "object", "description": "Additional human-friendly alias tags generated from branch names.", "additionalProperties": false, "properties": { "branch": { "type": "boolean", "description": "Emit alias from raw branch name." }, "sanitizedBranch": { "type": "boolean", "description": "Emit alias from slug/sanitized branch name." }, "sanitize": { "type": "boolean", "description": "Sanitize alias output strings by default." }, "prefix": { "type": "string", "description": "Prefix added to generated aliases." }, "suffix": { "type": "string", "description": "Suffix added to generated aliases." }, "nonPublicPrefix": { "type": "string", "description": "Prefix used when build classification is non-public." 
}, "rules": { "type": "array", "description": "Ordered alias mapping rules; first matching rule is applied.", "items": { "$ref": "#/$defs/aliasesRule" } } } }, "stages": { "type": "object", "description": "Named build stage definitions for multi-stage Dockerfile workflows.", "additionalProperties": { "$ref": "#/$defs/dockerStage" } }, "stageFallback": { "type": "boolean", "description": "When true, run a final full build after configured stages to produce final tags.", "default": true } } }, "nugetArtifactSettings": { "type": "object", "description": "Settings for dotnet pack and dotnet nuget push operations.", "additionalProperties": false, "properties": { "project": { "type": "string", "description": "Path to the .csproj/.fsproj to pack." }, "output": { "type": "string", "description": "Package output directory for generated .nupkg files." }, "target": { "type": "object", "description": "Structured target settings for NuGet push.", "additionalProperties": false, "properties": { "source": { "type": "string", "description": "NuGet source/feed URL or name used for push." }, "sourceEnv": { "type": "string", "description": "Environment variable name containing target source/feed. Defaults to NUGET_TARGET_SOURCE." }, "apiKeyEnv": { "type": "string", "description": "Name of the environment variable that contains the API key/token; set this to the variable's name, never the key itself. Defaults to NUGET_API_KEY (fallback alias: NUGET_AUTH_TOKEN)." } } }, "symbols": { "type": "object", "description": "Optional symbol package (.snupkg) push settings.", "additionalProperties": false, "properties": { "enabled": { "type": "boolean", "description": "When true, pushes matching .snupkg files for this artifact.", "default": false }, "source": { "type": "string", "description": "Symbol server/feed URL or name used for symbol package push. Defaults to target.source when omitted." }, "sourceEnv": { "type": "string", "description": "Environment variable name containing symbol target source/feed. Defaults to NUGET_SYMBOL_TARGET_SOURCE." 
}, "apiKeyEnv": { "type": "string", "description": "Environment variable name containing symbol API key/token. Defaults to NUGET_SYMBOL_API_KEY (fallbacks: NUGET_API_KEY, NUGET_AUTH_TOKEN)." }, "pattern": { "type": "string", "description": "Glob pattern for symbol package files to push (for example artifacts/packages/*.symbols.nupkg). Defaults to /..snupkg." } } } } }, "helmOciArtifactSettings": { "type": "object", "description": "Settings for Helm chart packaging and OCI registry push. Auth env vars: HELM_REGISTRY_USERNAME, HELM_REGISTRY_PASSWORD, HELM_REGISTRY. For ghcr.io, GITHUB_ACTOR+GITHUB_TOKEN are used automatically in GitHub Actions (requires permissions: packages: write).", "additionalProperties": false, "properties": { "chart": { "type": "string", "description": "Chart name used to resolve packaged file names. Defaults to artifact name." }, "chartPath": { "type": "string", "description": "Path to the chart root that contains Chart.yaml.", "default": "chart" }, "output": { "type": "string", "description": "Output directory for generated .tgz chart packages.", "default": "artifacts/charts" }, "target": { "type": "object", "description": "Target settings for Helm OCI destination and login env-name overrides.", "additionalProperties": false, "properties": { "oci": { "type": "string", "description": "Full OCI destination (for example oci://ghcr.io/org/charts)." }, "ociEnv": { "type": "string", "description": "Environment variable name containing full OCI destination. Defaults to HELM_OCI_TARGET." }, "registry": { "type": "string", "description": "OCI registry host used when composing destination from registry + repository." }, "registryEnv": { "type": "string", "description": "Environment variable name containing OCI target registry. Defaults to HELM_OCI_TARGET_REGISTRY." }, "repository": { "type": "string", "description": "OCI repository path used when composing destination from registry + repository." 
}, "repositoryEnv": { "type": "string", "description": "Environment variable name containing OCI target repository. Defaults to HELM_OCI_TARGET_REPOSITORY." }, "loginRegistry": { "type": "string", "description": "Optional registry host to use for helm registry login." }, "loginRegistryEnv": { "type": "string", "description": "Environment variable name containing login registry override. Defaults to HELM_OCI_LOGIN_REGISTRY." }, "usernameEnv": { "type": "string", "description": "Environment variable name containing registry username. Defaults to HELM_REGISTRY_USERNAME." }, "passwordEnv": { "type": "string", "description": "Name of the environment variable that contains the registry password/token; set this to the variable's name, never the secret value itself. Defaults to HELM_REGISTRY_PASSWORD." } } }, "useDocker": { "type": "boolean", "description": "Set to false to disable the Docker fallback when the host helm CLI is unavailable. Defaults to true.", "default": true }, "dockerImage": { "type": "string", "description": "Override the Helm container image used when host helm CLI is unavailable. Resolution order: HELM_CONTAINER_IMAGE env, this setting, then alpine/helm:3.17.3." } } }, "artifactSettingValue": { "description": "Recursive value type for arbitrary custom artifact settings.", "oneOf": [ { "type": "string" }, { "type": "number" }, { "type": "integer" }, { "type": "boolean" }, { "type": "array", "items": { "$ref": "#/$defs/artifactSettingValue" } }, { "type": "object", "additionalProperties": { "$ref": "#/$defs/artifactSettingValue" } } ] }, "settingValue": { "description": "Allowed primitive/array value types for generic settings maps.", "oneOf": [ { "type": "string" }, { "type": "number" }, { "type": "integer" }, { "type": "boolean" }, { "type": "array", "items": { "type": "string" } } ] }, "outputsConfig": { "type": "object", "additionalProperties": false, "description": "Output path contract. 
All paths default to subdirectories under the root output folder.", "properties": { "emit": { "type": "boolean", "description": "When false, Rexo does not collect or write any output files (manifests, step file outputs). Well-known overlay commands also skip passing output path arguments to toolchain CLIs.", "default": true }, "root": { "type": "string", "description": "Root folder for all generated outputs.", "default": "artifacts" }, "tests": { "type": "object", "additionalProperties": false, "description": "Paths for test-related outputs.", "properties": { "results": { "type": "string", "description": "Directory for test result files (e.g. TRX, JUnit XML).", "default": "artifacts/tests" }, "coverage": { "type": "string", "description": "Directory for coverage data files.", "default": "artifacts/coverage" }, "reports": { "type": "string", "description": "Directory for generated coverage reports (HTML, etc.).", "default": "artifacts/coverage/reports" } } }, "analysis": { "type": "object", "additionalProperties": false, "description": "Paths for analysis-related outputs.", "properties": { "reports": { "type": "string", "description": "Directory for analysis report files.", "default": "artifacts/analysis" }, "sarif": { "type": "string", "description": "SARIF output directory.", "default": "artifacts/analysis/sarif" } } }, "security": { "type": "object", "additionalProperties": false, "description": "Paths for security audit outputs.", "properties": { "audit": { "type": "string", "description": "Full file path for the npm/security audit JSON output.", "default": "artifacts/security/audit.json" }, "reports": { "type": "string", "description": "Security report output directory.", "default": "artifacts/security" }, "sarif": { "type": "string", "description": "SARIF output directory for security findings.", "default": "artifacts/security/sarif" } } }, "packages": { "type": "string", "description": "Directory for built artifact packages (NuGet, npm, Helm charts, etc.).", 
"default": "artifacts/packages" }, "manifests": { "type": "string", "description": "Directory for runtime manifest JSON files.", "default": "artifacts/manifests" }, "logs": { "type": "string", "description": "Directory for CI log files.", "default": "artifacts/logs" }, "temp": { "type": "string", "description": "Scratch directory for intermediate build artifacts.", "default": "artifacts/tmp" } } }, "runtime": { "type": "object", "additionalProperties": false, "examples": [ { "push": { "enabled": true, "branches": ["main", "release/*"] } } ], "properties": { "push": { "description": "Global push policy merged with per-artifact push overrides.", "$ref": "#/$defs/pushRules" } } }, "pushRules": { "type": "object", "additionalProperties": false, "examples": [ { "enabled": true, "noPushInPullRequest": true, "requireCleanWorkingTree": true, "branches": ["main", "release/*"] } ], "properties": { "enabled": { "type": "boolean", "description": "Enables or disables push globally.", "default": true }, "noPushInPullRequest": { "type": "boolean", "description": "Rejects push when CI context indicates a pull request build.", "default": false }, "requireCleanWorkingTree": { "type": "boolean", "description": "Rejects push when the git working tree has uncommitted changes.", "default": false }, "branches": { "type": "array", "description": "Allowed branch patterns for push. Empty means no branch restriction.", "examples": [ ["main", "release/*", "hotfix/*"] ], "default": [], "items": { "type": "string" } } } } } }